configure.ac revision 1.8
1 1.1 manu dnl -*- mode: m4 -*- 2 1.2 manu dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp 3 1.1 manu 4 1.1 manu AC_PREREQ(2.52) 5 1.2 manu AC_INIT(ipsec-tools, CVS) 6 1.1 manu AC_CONFIG_SRCDIR([configure.ac]) 7 1.1 manu AM_CONFIG_HEADER(config.h) 8 1.1 manu 9 1.1 manu AM_INIT_AUTOMAKE(dist-bzip2) 10 1.1 manu 11 1.1 manu AC_ENABLE_SHARED(no) 12 1.1 manu 13 1.1 manu AC_PROG_CC 14 1.1 manu AM_PROG_CC_STDC 15 1.1 manu AC_HEADER_STDC 16 1.1 manu AC_PROG_LIBTOOL 17 1.1 manu AC_PROG_YACC 18 1.1 manu AM_PROG_LEX 19 1.1 manu AC_SUBST(LEXLIB) 20 1.1 manu AC_PROG_EGREP 21 1.1 manu 22 1.1 manu CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused" 23 1.1 manu 24 1.1 manu case $host in 25 1.1 manu *netbsd*) 26 1.1 manu LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS" 27 1.1 manu ;; 28 1.1 manu *linux*) 29 1.1 manu LIBS="$LIBS -lresolv" 30 1.1 manu INSTALL_OPTS="-o bin -g bin" 31 1.1 manu INCLUDE_GLIBC="include-glibc" 32 1.1 manu RPM="rpm" 33 1.1 manu AC_SUBST(INSTALL_OPTS) 34 1.1 manu AC_SUBST(INCLUDE_GLIBC) 35 1.1 manu AC_SUBST(RPM) 36 1.1 manu ;; 37 1.2 manu *darwin*) 38 1.2 manu LIBS="$LIBS -lresolv" 39 1.2 manu ;; 40 1.1 manu esac 41 1.1 manu 42 1.1 manu # Look up some IPsec-related headers 43 1.1 manu AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no]) 44 1.1 manu AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no]) 45 1.1 manu AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no]) 46 1.5 vanhu AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no]) 47 1.1 manu 48 1.5 vanhu # FreeBSD >=7 has only <netipsec/ipsec.h> 49 1.1 manu # NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h> 50 1.5 vanhu # XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>, 51 1.5 vanhu # we can't decide which one to use (actually <netinet6/ipsec.h>) 52 1.5 vanhu 53 1.5 vanhu 54 1.5 vanhu if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then 55 1.1 manu have_netinet_ipsec=yes 56 1.5 vanhu AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h]) 57 1.5 vanhu else 58 1.5 vanhu if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then 59 1.5 vanhu have_netinet_ipsec=yes 60 1.5 vanhu AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h]) 61 1.5 vanhu else 62 1.5 vanhu # have_netinet_ipsec will be checked a few lines below 63 1.5 vanhu AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h]) 64 1.5 vanhu fi 65 1.1 manu fi 66 1.1 manu 67 1.1 manu case "$host_os" in 68 1.1 manu *linux*) 69 1.1 manu AC_ARG_WITH(kernel-headers, 70 1.1 manu AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include], 71 1.1 manu [where your Linux Kernel headers are installed]), 72 1.1 manu [ KERNEL_INCLUDE="$with_kernel_headers" 73 1.1 manu CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers" 74 1.1 manu AC_SUBST(CONFIGURE_AMFLAGS) ], 75 1.1 manu [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ]) 76 1.1 manu 77 1.2 manu AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, , 78 1.2 manu [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h, 79 1.1 manu KERNEL_INCLUDE=/usr/src/linux/include , 80 1.1 manu [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) 81 1.1 manu AC_SUBST(KERNEL_INCLUDE) 82 1.1 manu # We need the configure script to run with correct kernel headers. 83 1.1 manu # However we don't want to point to kernel source tree in compile time, 84 1.1 manu # i.e. this will be removed from CPPFLAGS at the end of configure. 85 1.1 manu CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS" 86 1.1 manu 87 1.1 manu AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 88 1.1 manu [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [], 89 1.1 manu [Are PF_KEY policy priorities supported?])], [], 90 1.1 manu [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"]) 91 1.1 manu 92 1.1 manu GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc' 93 1.1 manu GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc" 94 1.1 manu CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS" 95 1.2 manu CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS" 96 1.2 manu AC_SUBST(GLIBC_BUGS) 97 1.1 manu ;; 98 1.1 manu *) 99 1.1 manu if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then 100 1.1 manu if test "$have_net_pfkey" = yes; then 101 1.1 manu AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.]) 102 1.1 manu else 103 1.1 manu AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.]) 104 1.1 manu fi 105 1.1 manu fi 106 1.1 manu ;; 107 1.1 manu esac 108 1.1 manu 109 1.1 manu ### Some basic toolchain checks 110 1.1 manu 111 1.1 manu # Checks for header files. 112 1.1 manu AC_HEADER_STDC 113 1.1 manu AC_HEADER_SYS_WAIT 114 1.1 manu AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h) 115 1.2 manu AC_CHECK_HEADERS(shadow.h) 116 1.1 manu 117 1.1 manu # Checks for typedefs, structures, and compiler characteristics. 118 1.1 manu AC_C_CONST 119 1.1 manu AC_TYPE_PID_T 120 1.1 manu AC_TYPE_SIZE_T 121 1.1 manu AC_HEADER_TIME 122 1.1 manu AC_STRUCT_TM 123 1.1 manu 124 1.1 manu # Checks for library functions. 125 1.1 manu AC_FUNC_MEMCMP 126 1.1 manu AC_TYPE_SIGNAL 127 1.1 manu AC_FUNC_VPRINTF 128 1.2 manu AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat) 129 1.1 manu AC_REPLACE_FUNCS(strdup) 130 1.1 manu RACOON_CHECK_VA_COPY 131 1.1 manu 132 1.1 manu # Check if printf accepts "%z" type modifier for size_t argument 133 1.1 manu AC_MSG_CHECKING(if printf accepts %z) 134 1.1 manu saved_CFLAGS=$CFLAGS 135 1.1 manu CFLAGS="$CFLAGS -Wall -Werror" 136 1.1 manu AC_TRY_COMPILE([ 137 1.1 manu #include <stdio.h> 138 1.1 manu ], [ 139 1.1 manu printf("%zu\n", (size_t)-1); 140 1.1 manu ], 141 1.1 manu [AC_MSG_RESULT(yes)], 142 1.2 manu [AC_MSG_RESULT(no); 143 1.2 manu CFLAGS_ADD="$CFLAGS_ADD -Wno-format"; 144 1.2 manu AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.]) 145 1.2 manu ]) 146 1.1 manu CFLAGS=$saved_CFLAGS 147 1.1 manu 148 1.1 manu # Can we use __func__ macro? 149 1.1 manu AC_MSG_CHECKING(if __func__ is available) 150 1.1 manu AC_TRY_COMPILE( 151 1.1 manu [#include <stdio.h> 152 1.1 manu ], [char *x = __func__;], 153 1.1 manu [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro]) 154 1.1 manu AC_MSG_RESULT(yes)], 155 1.1 manu [AC_MSG_RESULT(no)]) 156 1.1 manu 157 1.1 manu # Check if readline support is requested 158 1.1 manu AC_MSG_CHECKING(if readline support is requested) 159 1.1 manu AC_ARG_WITH(readline, 160 1.1 manu [ --with-readline support readline input (yes by default)], 161 1.1 manu [with_readline="$withval"], [with_readline="yes"]) 162 1.1 manu AC_MSG_RESULT($with_readline) 163 1.1 manu 164 1.1 manu # Is readline available? 165 1.1 manu if test $with_readline != "no"; then 166 1.1 manu AC_CHECK_HEADER([readline/readline.h], 167 1.1 manu [AC_CHECK_LIB(readline, readline, [ 168 1.1 manu AC_DEFINE(HAVE_READLINE, [], 169 1.1 manu [Is readline available?]) 170 1.1 manu LIBS="$LIBS -lreadline" 171 1.1 manu ], [])], []) 172 1.1 manu fi 173 1.1 manu 174 1.2 manu 175 1.2 manu AC_MSG_CHECKING(if --with-flex option is specified) 176 1.2 manu AC_ARG_WITH(flexdir, 177 1.2 manu [AC_HELP_STRING([--with-flex], [use directiory (default: no)])], 178 1.2 manu [flexdir="$withval"]) 179 1.2 manu AC_MSG_RESULT(${flexdir-dirdefault}) 180 1.2 manu 181 1.2 manu if test "x$flexdir" != "x"; then 182 1.2 manu LIBS="$LIBS $flexdir/libfl.a" 183 1.2 manu fi 184 1.2 manu 185 1.2 manu AC_MSG_CHECKING(if --with-flexlib option is specified) 186 1.2 manu AC_ARG_WITH(flexlib, 187 1.2 manu [ --with-flexlib=<LIB> specify flex library.], 188 1.2 manu [flexlib="$withval"]) 189 1.2 manu AC_MSG_RESULT(${flexlib-default}) 190 1.2 manu 191 1.2 manu if test "x$flexlib" != "x"; then 192 1.2 manu LIBS="$LIBS $flexlib" 193 1.2 manu fi 194 1.2 manu 195 1.1 manu # Check if a different OpenSSL directory was specified 196 1.1 manu AC_MSG_CHECKING(if --with-openssl option is specified) 197 1.1 manu AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory], 198 1.1 manu [crypto_dir=$withval]) 199 1.1 manu AC_MSG_RESULT(${crypto_dir-default}) 200 1.1 manu 201 1.1 manu if test "x$crypto_dir" != "x"; then 202 1.1 manu LIBS="$LIBS -L${crypto_dir}/lib" 203 1.8 tteras CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS" 204 1.1 manu fi 205 1.1 manu AC_MSG_CHECKING(openssl version) 206 1.2 manu 207 1.2 manu AC_TRY_COMPILE( 208 1.2 manu [#include <openssl/opensslv.h> 209 1.2 manu ], 210 1.2 manu [#if OPENSSL_VERSION_NUMBER < 0x0090602fL 211 1.2 manu #error OpenSSL version is too old ... 212 1.2 manu #endif], 213 1.2 manu [AC_MSG_RESULT([ok])], 214 1.2 manu [AC_MSG_RESULT(too old) 215 1.2 manu AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.]) 216 1.2 manu ]) 217 1.2 manu 218 1.1 manu AC_CHECK_HEADERS(openssl/engine.h) 219 1.1 manu 220 1.1 manu # checking rijndael 221 1.1 manu AC_CHECK_HEADERS([openssl/aes.h], [], 222 1.1 manu [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"]) 223 1.1 manu 224 1.1 manu # checking sha2 225 1.1 manu AC_MSG_CHECKING(sha2 support) 226 1.1 manu AC_DEFINE([WITH_SHA2], [], [SHA2 support]) 227 1.2 manu AC_MSG_RESULT(yes) 228 1.1 manu AC_CHECK_HEADER(openssl/sha2.h, [], [ 229 1.2 manu AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h) 230 1.2 manu AC_TRY_COMPILE([ 231 1.2 manu #ifdef HAVE_SYS_TYPES_H 232 1.2 manu #include <sys/types.h> 233 1.2 manu #endif 234 1.2 manu #include <openssl/sha.h> 235 1.2 manu ], [ 236 1.2 manu SHA256_CTX ctx; 237 1.2 manu ], [ 238 1.2 manu AC_MSG_RESULT(yes) 239 1.2 manu AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h]) 240 1.2 manu ], [AC_MSG_RESULT(no) 241 1.2 manu AC_LIBOBJ([sha2]) 242 1.2 manu CRYPTOBJS="$CRYPTOBJS sha2.o" 243 1.2 manu ]) 244 1.2 manu 245 1.7 manu CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing" 246 1.2 manu ]) 247 1.1 manu AC_SUBST(CRYPTOBJS) 248 1.1 manu 249 1.2 manu # checking camellia 250 1.2 manu AC_CHECK_HEADERS([openssl/camellia.h]) 251 1.2 manu 252 1.2 manu 253 1.1 manu # Option --enable-adminport 254 1.1 manu AC_MSG_CHECKING(if --enable-adminport option is specified) 255 1.1 manu AC_ARG_ENABLE(adminport, 256 1.1 manu [ --enable-adminport enable admin port], 257 1.1 manu [], [enable_adminport=no]) 258 1.1 manu if test $enable_adminport = "yes"; then 259 1.1 manu AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port]) 260 1.1 manu fi 261 1.1 manu AC_MSG_RESULT($enable_adminport) 262 1.1 manu 263 1.2 manu # Option RC5 264 1.2 manu AC_MSG_CHECKING(if --enable-rc5 option is specified) 265 1.2 manu AC_ARG_ENABLE(rc5, 266 1.2 manu [ --enable-rc5 enable RC5 encryption (patented)], 267 1.2 manu [], [enable_rc5=no]) 268 1.2 manu AC_MSG_RESULT($enable_rc5) 269 1.2 manu 270 1.2 manu if test $enable_rc5 = "yes"; then 271 1.2 manu AC_CHECK_HEADERS([openssl/rc5.h]) 272 1.2 manu AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt], 273 1.2 manu [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"]) 274 1.2 manu fi 275 1.2 manu 276 1.2 manu # Option IDEA 277 1.2 manu AC_MSG_CHECKING(if --enable-idea option is specified) 278 1.2 manu AC_ARG_ENABLE(idea, 279 1.2 manu [ --enable-idea enable IDEA encryption (patented)], 280 1.2 manu [], [enable_idea=no]) 281 1.2 manu AC_MSG_RESULT($enable_idea) 282 1.2 manu 283 1.2 manu if test $enable_idea = "yes"; then 284 1.2 manu AC_CHECK_HEADERS([openssl/idea.h]) 285 1.2 manu AC_CHECK_LIB([crypto_idea], [idea_encrypt], 286 1.2 manu [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"]) 287 1.2 manu fi 288 1.2 manu AC_SUBST(EXTRA_CRYPTO) 289 1.2 manu 290 1.2 manu # For dynamic libradius 291 1.2 manu RACOON_PATH_LIBS([MD5_Init], [crypto]) 292 1.2 manu 293 1.2 manu # Check if we need -lutil for login(3) 294 1.2 manu RACOON_PATH_LIBS([login], [util]) 295 1.2 manu 296 1.2 manu # Specify libiconv prefix 297 1.2 manu AC_MSG_CHECKING(if --with-libiconv option is specified) 298 1.2 manu AC_ARG_WITH(libiconv, 299 1.2 manu [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)], 300 1.2 manu [libiconv_dir=$withval], 301 1.2 manu [libiconv_dir=no]) 302 1.2 manu AC_MSG_RESULT($libiconv_dir) 303 1.2 manu if test "$libiconv_dir" != "no"; then 304 1.2 manu if test "$libiconv_dir" = "yes" ; then 305 1.2 manu libiconv_dir=""; 306 1.2 manu fi; 307 1.2 manu if test "x$libiconv_dir" = "x"; then 308 1.2 manu RACOON_PATH_LIBS([iconv_open], [iconv]) 309 1.1 manu else 310 1.2 manu if test -d "$libiconv_dir/lib" -a \ 311 1.2 manu -d "$libiconv_dir/include" ; then 312 1.2 manu RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"]) 313 1.2 manu CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include" 314 1.2 manu else 315 1.2 manu AC_MSG_ERROR([ICONV libs or includes not found. Aborting.]) 316 1.2 manu fi 317 1.1 manu fi 318 1.2 manu LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv" 319 1.2 manu AC_CHECK_FUNCS(iconv_open) 320 1.1 manu fi 321 1.1 manu 322 1.1 manu AC_MSG_CHECKING([if --enable-hybrid option is specified]) 323 1.1 manu AC_ARG_ENABLE(hybrid, 324 1.1 manu [ --enable-hybrid enable hybrid, both mode-cfg and xauth support], 325 1.2 manu [], [enable_hybrid=no]) 326 1.2 manu AC_MSG_RESULT($enable_hybrid) 327 1.2 manu 328 1.2 manu if test "x$enable_hybrid" = "xyes"; then 329 1.2 manu case $host in 330 1.2 manu *darwin*) 331 1.2 manu ;; 332 1.2 manu *) 333 1.2 manu LIBS="$LIBS -lcrypt"; 334 1.2 manu ;; 335 1.2 manu esac 336 1.1 manu HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o" 337 1.1 manu AC_SUBST(HYBRID_OBJS) 338 1.1 manu AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support]) 339 1.2 manu fi 340 1.1 manu 341 1.1 manu AC_MSG_CHECKING([if --enable-frag option is specified]) 342 1.1 manu AC_ARG_ENABLE(frag, 343 1.1 manu [ --enable-frag enable IKE fragmentation payload support], 344 1.2 manu [], [enable_frag=no]) 345 1.2 manu AC_MSG_RESULT($enable_frag) 346 1.2 manu 347 1.2 manu if test "x$enable_frag" = "xyes"; then 348 1.2 manu case $host in 349 1.2 manu *darwin*) 350 1.2 manu ;; 351 1.2 manu *) 352 1.2 manu LIBS="$LIBS -lcrypt"; 353 1.2 manu ;; 354 1.2 manu esac 355 1.1 manu FRAG_OBJS="isakmp_frag.o" 356 1.1 manu AC_SUBST(FRAG_OBJS) 357 1.1 manu AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support]) 358 1.2 manu fi 359 1.1 manu 360 1.1 manu AC_MSG_CHECKING(if --with-libradius option is specified) 361 1.1 manu AC_ARG_WITH(libradius, 362 1.1 manu [ --with-libradius=DIR specify libradius path (like/usr/pkg)], 363 1.1 manu [libradius_dir=$withval], 364 1.1 manu [libradius_dir=no]) 365 1.1 manu AC_MSG_RESULT($libradius_dir) 366 1.1 manu if test "$libradius_dir" != "no"; then 367 1.1 manu if test "$libradius_dir" = "yes" ; then 368 1.1 manu libradius_dir=""; 369 1.1 manu fi; 370 1.1 manu if test "x$libradius_dir" = "x"; then 371 1.2 manu RACOON_PATH_LIBS([rad_create_request], [radius]) 372 1.1 manu else 373 1.1 manu if test -d "$libradius_dir/lib" -a \ 374 1.1 manu -d "$libradius_dir/include" ; then 375 1.2 manu RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"]) 376 1.1 manu CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include" 377 1.1 manu else 378 1.1 manu AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.]) 379 1.1 manu fi 380 1.1 manu fi 381 1.1 manu AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS]) 382 1.1 manu LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius" 383 1.1 manu AC_CHECK_FUNCS(rad_create_request) 384 1.1 manu fi 385 1.1 manu 386 1.1 manu AC_MSG_CHECKING(if --with-libpam option is specified) 387 1.1 manu AC_ARG_WITH(libpam, 388 1.1 manu [ --with-libpam=DIR specify libpam path (like/usr/pkg)], 389 1.1 manu [libpam_dir=$withval], 390 1.1 manu [libpam_dir=no]) 391 1.1 manu AC_MSG_RESULT($libpam_dir) 392 1.1 manu if test "$libpam_dir" != "no"; then 393 1.1 manu if test "$libpam_dir" = "yes" ; then 394 1.1 manu libpam_dir=""; 395 1.1 manu fi; 396 1.1 manu if test "x$libpam_dir" = "x"; then 397 1.2 manu RACOON_PATH_LIBS([pam_start], [pam]) 398 1.1 manu else 399 1.1 manu if test -d "$libpam_dir/lib" -a \ 400 1.1 manu -d "$libpam_dir/include" ; then 401 1.2 manu RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"]) 402 1.1 manu CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include" 403 1.1 manu else 404 1.1 manu AC_MSG_ERROR([PAM libs or includes not found. Aborting.]) 405 1.1 manu fi 406 1.1 manu fi 407 1.1 manu AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM]) 408 1.1 manu LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam" 409 1.2 manu AC_CHECK_FUNCS(pam_start) 410 1.2 manu fi 411 1.2 manu 412 1.2 manu AC_MSG_CHECKING(if --with-libldap option is specified) 413 1.2 manu AC_ARG_WITH(libldap, 414 1.2 manu [ --with-libldap=DIR specify libldap path (like/usr/pkg)], 415 1.2 manu [libldap_dir=$withval], 416 1.2 manu [libldap_dir=no]) 417 1.2 manu AC_MSG_RESULT($libldap_dir) 418 1.2 manu if test "$libldap_dir" != "no"; then 419 1.2 manu if test "$libldap_dir" = "yes" ; then 420 1.2 manu libldap_dir=""; 421 1.2 manu fi; 422 1.2 manu if test "x$libldap_dir" = "x"; then 423 1.2 manu RACOON_PATH_LIBS([ldap_init], [ldap]) 424 1.2 manu else 425 1.2 manu if test -d "$libldap_dir/lib" -a \ 426 1.2 manu -d "$libldap_dir/include" ; then 427 1.2 manu RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"]) 428 1.2 manu CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include" 429 1.2 manu else 430 1.2 manu AC_MSG_ERROR([LDAP libs or includes not found. Aborting.]) 431 1.2 manu fi 432 1.2 manu fi 433 1.2 manu AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP]) 434 1.2 manu LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap" 435 1.2 manu 436 1.2 manu saved_CFLAGS=$CFLAGS 437 1.2 manu CFLAGS="$CFLAGS -Wall -Werror" 438 1.2 manu saved_CPPFLAGS=$CPPFLAGS 439 1.2 manu CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 440 1.2 manu AC_TRY_COMPILE( 441 1.2 manu [#include <ldap.h>], 442 1.2 manu [ 443 1.2 manu #if LDAP_API_VERSION < 2004 444 1.2 manu #error OpenLDAP version is too old ... 445 1.2 manu #endif 446 1.2 manu ], 447 1.2 manu [AC_MSG_RESULT([ok])], 448 1.2 manu [ 449 1.2 manu AC_MSG_RESULT(too old) 450 1.2 manu AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.]) 451 1.2 manu ]) 452 1.2 manu CFLAGS=$saved_CFLAGS 453 1.2 manu CPPFLAGS=$saved_CPPFLAGS 454 1.2 manu fi 455 1.2 manu 456 1.2 manu # Check for Kerberos5 support 457 1.2 manu # XXX This must come after all --with-* tests, else the 458 1.2 manu # -liconv checks will not work 459 1.2 manu AC_MSG_CHECKING(if --enable-gssapi option is specified) 460 1.2 manu AC_ARG_ENABLE(gssapi, 461 1.2 manu [ --enable-gssapi enable GSS-API authentication], 462 1.2 manu [], [enable_gssapi=no]) 463 1.2 manu AC_MSG_RESULT($enable_gssapi) 464 1.2 manu AC_PATH_PROG(KRB5_CONFIG,krb5-config,no) 465 1.2 manu if test "x$enable_gssapi" = "xyes"; then 466 1.2 manu if test "$KRB5_CONFIG" != "no"; then 467 1.2 manu krb5_incdir="`$KRB5_CONFIG --cflags gssapi`" 468 1.2 manu krb5_libs="`$KRB5_CONFIG --libs gssapi`" 469 1.2 manu else 470 1.2 manu # No krb5-config; let's make some assumptions based on 471 1.2 manu # the OS. 472 1.2 manu case $host_os in 473 1.2 manu netbsd*) 474 1.2 manu krb5_incdir="-I/usr/include/krb5" 475 1.2 manu krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1" 476 1.2 manu ;; 477 1.2 manu *) 478 1.2 manu AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.]) 479 1.2 manu ;; 480 1.2 manu esac 481 1.2 manu fi 482 1.2 manu LIBS="$LIBS $krb5_libs" 483 1.2 manu CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD" 484 1.2 manu AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API]) 485 1.2 manu 486 1.2 manu # Check if iconv 2nd argument needs const 487 1.2 manu saved_CFLAGS=$CFLAGS 488 1.2 manu CFLAGS="$CFLAGS -Wall -Werror" 489 1.2 manu saved_CPPFLAGS=$CPPFLAGS 490 1.2 manu CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 491 1.2 manu AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])]) 492 1.2 manu AC_MSG_CHECKING([if iconv second argument needs const]) 493 1.2 manu AC_TRY_COMPILE([ 494 1.2 manu #include <iconv.h> 495 1.2 manu #include <stdio.h> 496 1.2 manu ], [ 497 1.2 manu iconv_t cd = NULL; 498 1.2 manu const char **src = NULL; 499 1.2 manu size_t *srcleft = NULL; 500 1.2 manu char **dst = NULL; 501 1.2 manu size_t *dstleft = NULL; 502 1.2 manu 503 1.2 manu (void)iconv(cd, src, srcleft, dst, dstleft); 504 1.2 manu ], [AC_MSG_RESULT(yes) 505 1.2 manu AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const]) 506 1.2 manu ], [AC_MSG_RESULT(no)]) 507 1.2 manu CFLAGS=$saved_CFLAGS 508 1.2 manu CPPFLAGS=$saved_CPPFLAGS 509 1.2 manu 510 1.2 manu # libiconv is often integrated into libc. If a with-* option 511 1.2 manu # caused a non libc-based iconv.h to be catched instead of 512 1.2 manu # the libc-based iconv.h, then we need to link with -liconv 513 1.2 manu AC_MSG_CHECKING(if -liconv is required) 514 1.2 manu saved_CPPFLAGS=$CPPFLAGS 515 1.2 manu saved_LIBS=$LIBS 516 1.2 manu CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 517 1.2 manu AC_TRY_LINK([ 518 1.2 manu #include <iconv.h> 519 1.2 manu ], [ 520 1.2 manu (void)iconv_open("ascii", "ascii"); 521 1.2 manu ], 522 1.2 manu [AC_MSG_RESULT(no)], 523 1.2 manu [ 524 1.2 manu LIBS="$LIBS -liconv" 525 1.2 manu AC_TRY_LINK([ 526 1.2 manu #include <iconv.h> 527 1.2 manu ], [ 528 1.2 manu (void)iconv_open("ascii", "ascii"); 529 1.2 manu ], 530 1.2 manu [ 531 1.2 manu AC_MSG_RESULT(yes) 532 1.2 manu saved_LIBS=$LIBS 533 1.2 manu ], [ 534 1.2 manu AC_MSG_ERROR([cannot use iconv]) 535 1.2 manu ]) 536 1.2 manu ]) 537 1.2 manu CPPFLAGS=$saved_CPPFLAGS 538 1.2 manu LIBS=$saved_LIBS 539 1.1 manu fi 540 1.1 manu 541 1.1 manu AC_MSG_CHECKING(if --enable-stats option is specified) 542 1.1 manu AC_ARG_ENABLE(stats, 543 1.1 manu [ --enable-stats enable statistics logging function], 544 1.1 manu [], [enable_stats=no]) 545 1.1 manu if test "x$enable_stats" = "xyes"; then 546 1.1 manu AC_DEFINE([ENABLE_STATS], [], [Enable statictics]) 547 1.1 manu fi 548 1.1 manu AC_MSG_RESULT($enable_stats) 549 1.1 manu 550 1.1 manu AC_MSG_CHECKING(if --enable-dpd option is specified) 551 1.1 manu AC_ARG_ENABLE(dpd, 552 1.1 manu [ --enable-dpd enable dead peer detection], 553 1.1 manu [], [enable_dpd=no]) 554 1.1 manu if test "x$enable_dpd" = "xyes"; then 555 1.1 manu AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection]) 556 1.1 manu fi 557 1.1 manu AC_MSG_RESULT($enable_dpd) 558 1.1 manu 559 1.2 manu AC_MSG_CHECKING(if --enable-fastquit option is specified) 560 1.2 manu AC_ARG_ENABLE(fastquit, 561 1.2 manu [ --enable-fastquit enable new faster code to flush SAs when stopping racoon], 562 1.2 manu [], [enable_fastquit=no]) 563 1.2 manu if test "x$enable_fastquit" = "xyes"; then 564 1.2 manu AC_DEFINE([ENABLE_FASTQUIT], [], [Enable fast SA flush code]) 565 1.2 manu fi 566 1.2 manu AC_MSG_RESULT($enable_fastquit) 567 1.2 manu 568 1.1 manu 569 1.1 manu AC_MSG_CHECKING(if --enable-samode-unspec option is specified) 570 1.1 manu AC_ARG_ENABLE(samode-unspec, 571 1.1 manu [ --enable-samode-unspec enable to use unspecified a mode of SA], 572 1.1 manu [], [enable_samode_unspec=no]) 573 1.1 manu if test "x$enable_samode_unspec" = "xyes"; then 574 1.2 manu case $host_os in 575 1.2 manu *linux*) 576 1.2 manu cat << EOC 577 1.2 manu 578 1.2 manu ERROR: --enable-samode-unspec is not supported under linux 579 1.2 manu because linux kernel do not support it. This option is disabled 580 1.2 manu to prevent mysterious problems. 581 1.2 manu 582 1.2 manu If you REALLY know what your are doing, remove this check. 583 1.2 manu EOC 584 1.2 manu exit 1; 585 1.2 manu ;; 586 1.2 manu esac 587 1.1 manu AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec]) 588 1.1 manu fi 589 1.1 manu AC_MSG_RESULT($enable_samode_unspec) 590 1.1 manu 591 1.1 manu # Checks if IPv6 is requested 592 1.1 manu AC_MSG_CHECKING([whether to enable ipv6]) 593 1.1 manu AC_ARG_ENABLE(ipv6, 594 1.1 manu [ --disable-ipv6 disable ipv6 support], 595 1.1 manu [ case "$enableval" in 596 1.1 manu no) 597 1.1 manu AC_MSG_RESULT(no) 598 1.1 manu ipv6=no 599 1.1 manu ;; 600 1.1 manu *) AC_MSG_RESULT(yes) 601 1.1 manu ipv6=yes 602 1.1 manu ;; 603 1.1 manu esac ], 604 1.1 manu 605 1.1 manu AC_TRY_RUN([ /* AF_INET6 avalable check */ 606 1.1 manu #include <sys/types.h> 607 1.1 manu #include <sys/socket.h> 608 1.1 manu main() 609 1.1 manu { 610 1.1 manu exit(0); 611 1.1 manu if (socket(AF_INET6, SOCK_STREAM, 0) < 0) 612 1.1 manu exit(1); 613 1.1 manu else 614 1.1 manu exit(0); 615 1.1 manu } 616 1.1 manu ], 617 1.1 manu AC_MSG_RESULT(yes) 618 1.1 manu AC_DEFINE([INET6], [], [Support IPv6]) 619 1.1 manu ipv6=yes, 620 1.1 manu AC_MSG_RESULT(no) 621 1.1 manu ipv6=no, 622 1.1 manu AC_MSG_RESULT(no) 623 1.1 manu ipv6=no 624 1.1 manu )) 625 1.1 manu 626 1.1 manu if test "$ipv6" = "yes"; then 627 1.2 manu AC_DEFINE([INET6], [], [Support IPv6]) 628 1.1 manu AC_MSG_CHECKING(for advanced API support) 629 1.1 manu AC_TRY_COMPILE([#ifndef INET6 630 1.1 manu #define INET6 631 1.1 manu #endif 632 1.1 manu #include <sys/types.h> 633 1.1 manu #include <netinet/in.h>], 634 1.1 manu [struct in6_pktinfo a;], 635 1.1 manu [AC_MSG_RESULT(yes) 636 1.1 manu AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])], 637 1.1 manu [AC_MSG_RESULT(no)]) 638 1.1 manu fi 639 1.1 manu 640 1.1 manu RACOON_CHECK_BUGGY_GETADDRINFO 641 1.1 manu if test "$buggygetaddrinfo" = "yes"; then 642 1.1 manu AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.]) 643 1.1 manu fi 644 1.1 manu 645 1.1 manu # Check if kernel support is available for NAT-T, defaults to no. 646 1.1 manu kernel_natt="no" 647 1.1 manu 648 1.1 manu AC_MSG_CHECKING(kernel NAT-Traversal support) 649 1.1 manu case $host_os in 650 1.1 manu linux*) 651 1.1 manu # Linux kernel NAT-T check 652 1.1 manu AC_EGREP_CPP(yes, 653 1.1 manu [#include <linux/pfkeyv2.h> 654 1.1 manu #ifdef SADB_X_EXT_NAT_T_TYPE 655 1.1 manu yes 656 1.1 manu #endif 657 1.1 manu ], [kernel_natt="yes"]) 658 1.1 manu ;; 659 1.1 manu freebsd*|netbsd*) 660 1.1 manu # NetBSD case 661 1.1 manu # Same check for FreeBSD 662 1.1 manu AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len, 663 1.1 manu [kernel_natt="yes"],, [ 664 1.1 manu #define _KERNEL 665 1.1 manu #include <sys/types.h> 666 1.1 manu #include <net/pfkeyv2.h> 667 1.1 manu ]) 668 1.1 manu ;; 669 1.1 manu esac 670 1.1 manu AC_MSG_RESULT($kernel_natt) 671 1.1 manu 672 1.1 manu AC_MSG_CHECKING(whether to support NAT-T) 673 1.1 manu AC_ARG_ENABLE(natt, 674 1.1 manu [ --enable-natt enable NAT-Traversal (yes/no/kernel)], 675 1.2 manu [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ], 676 1.2 manu [ enable_natt=no ]) 677 1.1 manu AC_MSG_RESULT($enable_natt) 678 1.1 manu 679 1.1 manu if test "$enable_natt" = "yes"; then 680 1.1 manu if test "$kernel_natt" = "no" ; then 681 1.1 manu AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.]) 682 1.1 manu else 683 1.1 manu AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal]) 684 1.1 manu NATT_OBJS="nattraversal.o" 685 1.1 manu AC_SUBST(NATT_OBJS) 686 1.1 manu fi 687 1.1 manu fi 688 1.1 manu 689 1.2 manu # Set up defines for supported NAT-T versions. 690 1.2 manu natt_versions_default="00,02,rfc" 691 1.2 manu AC_MSG_CHECKING(which NAT-T versions to support) 692 1.2 manu AC_ARG_ENABLE(natt_versions, 693 1.2 manu [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.], 694 1.2 manu [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ], 695 1.2 manu [ enable_natt_versions=$natt_versions_default ]) 696 1.2 manu if test "$enable_natt" = "yes"; then 697 1.2 manu AC_MSG_RESULT($enable_natt_versions) 698 1.2 manu for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do 699 1.2 manu case $i in 700 1.2 manu 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;; 701 1.2 manu 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;; 702 1.2 manu 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;; 703 1.2 manu 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;; 704 1.2 manu 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;; 705 1.2 manu 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;; 706 1.2 manu 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;; 707 1.2 manu 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;; 708 1.2 manu 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;; 709 1.2 manu RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;; 710 1.2 manu *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;; 711 1.2 manu esac 712 1.2 manu done 713 1.2 manu unset i 714 1.2 manu else 715 1.2 manu AC_MSG_RESULT([none]) 716 1.1 manu fi 717 1.1 manu 718 1.2 manu AC_MSG_CHECKING(if --enable-broken-natt option is specified) 719 1.2 manu AC_ARG_ENABLE(broken-natt, 720 1.2 manu [ --enable-broken-natt broken in-kernel NAT-T], 721 1.2 manu [], [enable_broken_natt=no]) 722 1.2 manu if test "x$enable_broken_natt" = "xyes"; then 723 1.2 manu AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken]) 724 1.1 manu fi 725 1.2 manu AC_MSG_RESULT($enable_broken_natt) 726 1.1 manu 727 1.1 manu AC_MSG_CHECKING(whether we support FWD policy) 728 1.1 manu case $host in 729 1.1 manu *linux*) 730 1.1 manu AC_TRY_COMPILE([ 731 1.1 manu #include <inttypes.h> 732 1.1 manu #include <linux/ipsec.h> 733 1.1 manu ], [ 734 1.1 manu int fwd = IPSEC_DIR_FWD; 735 1.1 manu ], 736 1.1 manu [AC_MSG_RESULT(yes) 737 1.1 manu AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])], 738 1.1 manu [AC_MSG_RESULT(no)]) 739 1.1 manu ;; 740 1.1 manu *) 741 1.1 manu AC_MSG_RESULT(no) 742 1.1 manu ;; 743 1.1 manu esac 744 1.1 manu 745 1.2 manu AC_CHECK_TYPE([ipsec_policy_t], 746 1.2 manu [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])], 747 1.2 manu [], 748 1.2 manu [ 749 1.2 manu #include <sys/types.h> 750 1.2 manu #include <netinet6/ipsec.h> 751 1.2 manu ]) 752 1.2 manu 753 1.2 manu # Check if kernel support is available for Security Context, defaults to no. 754 1.2 manu kernel_secctx="no" 755 1.2 manu 756 1.2 manu AC_MSG_CHECKING(kernel Security Context support) 757 1.2 manu case $host_os in 758 1.2 manu linux*) 759 1.2 manu # Linux kernel Security Context check 760 1.2 manu AC_EGREP_CPP(yes, 761 1.2 manu [#include <linux/pfkeyv2.h> 762 1.2 manu #ifdef SADB_X_EXT_SEC_CTX 763 1.2 manu yes 764 1.2 manu #endif 765 1.2 manu ], [kernel_secctx="yes"]) 766 1.2 manu ;; 767 1.2 manu esac 768 1.2 manu AC_MSG_RESULT($kernel_secctx) 769 1.2 manu 770 1.6 mgrooms AC_CHECK_HEADER(selinux/selinux.h, 771 1.6 mgrooms [AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes], 772 1.6 mgrooms [selinux_support=no])], [selinux_support=no]) 773 1.6 mgrooms 774 1.2 manu AC_MSG_CHECKING(whether to support Security Context) 775 1.2 manu AC_ARG_ENABLE(security-context, 776 1.2 manu [ --enable-security-context enable Security Context(yes/no/kernel)], 777 1.4 manu [if test "$enable_security_context" = "kernel"; then 778 1.2 manu enable_security_context=$kernel_secctx; fi], 779 1.2 manu [enable_security_context=$kernel_secctx]) 780 1.2 manu AC_MSG_RESULT($enable_security_context) 781 1.2 manu 782 1.2 manu if test "$enable_security_context" = "yes"; then 783 1.2 manu if test "$kernel_secctx" = "no" ; then 784 1.2 manu AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.]) 785 1.2 manu else 786 1.6 mgrooms if test "$selinux_support" = "no"; then 787 1.6 mgrooms AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.]) 788 1.6 mgrooms else 789 1.6 mgrooms AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context]) 790 1.6 mgrooms SECCTX_OBJS="security.o" 791 1.6 mgrooms AC_SUBST(SECCTX_OBJS) 792 1.6 mgrooms LIBS="$LIBS -lselinux" 793 1.6 mgrooms fi 794 1.2 manu fi 795 1.2 manu fi 796 1.2 manu 797 1.1 manu CFLAGS="$CFLAGS $CFLAGS_ADD" 798 1.1 manu CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 799 1.1 manu 800 1.1 manu case $host in 801 1.1 manu *linux*) 802 1.1 manu # Remove KERNEL_INCLUDE from CPPFLAGS. It will 803 1.1 manu # be symlinked to src/include-glibc/linux in 804 1.1 manu # compile time. 805 1.1 manu CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"` 806 1.1 manu ;; 807 1.1 manu esac 808 1.1 manu 809 1.1 manu include_racoondir=${includedir}/racoon 810 1.1 manu AC_SUBST(include_racoondir) 811 1.1 manu 812 1.1 manu AC_CONFIG_FILES([ 813 1.1 manu Makefile 814 1.1 manu package_version.h 815 1.1 manu src/Makefile 816 1.1 manu src/include-glibc/Makefile 817 1.1 manu src/libipsec/Makefile 818 1.1 manu src/setkey/Makefile 819 1.1 manu src/racoon/Makefile 820 1.1 manu src/racoon/samples/psk.txt 821 1.1 manu src/racoon/samples/racoon.conf 822 1.1 manu rpm/Makefile 823 1.1 manu rpm/suse/Makefile 824 1.2 manu rpm/suse/ipsec-tools.spec 825 1.1 manu ]) 826 1.1 manu AC_OUTPUT 827
Indexes created Sat Feb 28 05:31:39 UTC 2026